On "possibilistic thinking" vs. "probabilistic thinking" for
low-probability/high-severity events--
It's not the probabilistic side of risk management that is the problem, it
is the severity side. The severity of large-scale events is simply not
commensurate with even multiple small-scale events. A single flood that
devastates my house is much worse than a lifetime of house-maintenance
problems even if I spend more money overall on the house maintenance,
because I can tolerate the house maintenance but cannot withstand the
flood. So putting my house on a "once per lifetime" floodplain is unwise,
even if the likelihood really is "once per lifetime".
The approach should be to look at the high-severity event and ask "how
often can we tolerate this?" and then argue about whether the possibilities
of the event occurring are compatible with that tolerance. We're willing to
tolerate a car death every 13 minutes, but are not willing to tolerate a
fatal large aircraft crash every year, and certainly not a Chernobyl every
25 years.
So let's see, there are 442 nuclear reactors world-wide. To cut the
incident rate down to once per 100 years world-wide, that means each
reactor can tolerate at most one catastrophic event per 44,200 years. So
definitely considering the tsunami history since 867 is well within even
this rather simplistic "probabilistic" analysis, and evaluating each plant
against the worst-case conditions known in the complete historical record
is not conservative enough.
--Dr. Daniel P. Johnson
Original Message:
-----------------
From: Peter Bernard Ladkin ladkin@xxxxxx.uni-bielefeld.de
Date: Thu, 31 Mar 2011 12:17:56 +0200
To: carl@xxxxxx.com, safety-critical@xxxxxx.york.ac.uk
Subject: Re: [sc] Fukushima, the Tsunami Hazard, and the Engineering Record
I wrote an essay which puts many of the themes together which have been
touched on here at
http://www.abnormaldistribution.org/2011/03/31/fukushima-dai-ichi-accident-sociologist-needed/
There is a group at our residential research institute ZiF this year
studying Communicating Disaster. It is mainly composed of sociologists, but
there are a couple of computer scientists and a geographer or two, and one
voluble system-safety specialist. We have just produced a set of short
essays for the quarterly ZiF journal (which reports results of residential
research groups and their conferences). The note referenced above is based
on mine.
I think Nancy's suggestion for a public hazard analysis rather than full
public safety case is interesting, for three reasons.
First, controlling for confirmation bias. I agree with Nancy, Carl, Mike
and Myriam that it must be controlled for. It is an interesting point
whether it is more likely to be present in a full safety case than in a
HazAn alone. I can see Nancy's point that it is prima facie more likely.
Second, focusing on the HazAn alone rather than risk and rationale.
Something similar has been argued by the sociologist Lee Clarke, who has
suggested that "possibilistic thinking" is a more apt guide to
decision-making about such low-probability high-severity phenomena as
nuclear power plant accidents than probabilistic thinking, as used in the
risk analysis. Lee told me that it is similar to HazAn, but broader. He
argues the efficacy of the possibilistic analysis, the HazAn, well.
Third, there is a reason not to include a full risk analysis, which is that
the severity of such events, as I pointed out in my note here to Peter
Bishop, and also in the blog post, is very malleable. People who make
serious attempts (with or without an agenda) to estimate the severity
differ by up to four orders of magnitude in their results. You cannot base
any sensible risk estimate on such variable figures. But you can still have
a very good shot at a complete HazAn. However, someone will have argued,
using some set of figures, in the safety case, for a specific risk. If it
is garbage, it is better that the garbage is out in public for all to read
and condemn.
Charles Perrow, Lee Clarke, John Downer and Martyn Thomas have all
indicated their willingness and availability to participate in a small
workshop which I shall try to organise in Bielefeld in August on
high-severity sociotechnical risk. I am aiming for equal parts discussion
and talks. Could anyone who might be interested in attending please drop me
a short personal note?
PBL
Peter Bernard Ladkin, Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de